Help

#237 Use sandboxing for builds

The sandbox-exec(1) functionality allows you to restrict process behavior. This could be used to prevent builds from writing outside the build dir, and might allow hiding /usr/local as well for reliability.